Malicious Chrome Extension Hijacks Cryptocurrencies and Wallets

Although the number of malicious browser extensions has increased significantly in the past years, a new Google Chrome extension has recently been found that allegedly targets cryptocurrency users and is capable of silently stealing Bitcoins and other crypto coins.

The malicious Chrome browser extension, dubbed ‘Cryptsy Dogecoin (DOGE) Live Ticker’, is available on the Chrome Web Store as a free download and was developed by the "TheTrollBox" account. A Reddit user noticed that the updated version of the extension contains malicious code designed to hijack cryptocurrency transactions.

HOW CHROME EXTENSION STEALS CRYPTOCURRENCY

Crypto-related extensions of this kind are, obviously, downloaded only by users who deal with digital currency. Once the user has installed the malicious extension, the software within it starts monitoring the user's web activity and looks for visits to cryptocurrency exchange sites such as Coinbase and MintPal.

After detecting that the user is performing a transaction in digital coins, the malicious extension replaces the receiving address, to which the user is trying to transfer cryptocurrency, with a different BTC address of its own (the attacker's bitcoin address).

The same happened to a Reddit user, who was alerted to this activity by a withdrawal confirmation from the cryptocurrency exchange MintPal. He then posted a warning about the rogue extension on Reddit, advising all to “Be careful of what you install on your devices you use to access your wallets.”
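
An extension can only watch or rewrite an exchange page if its manifest grants it access to that site, so one defensive check is to audit the manifests of installed extensions for host access to exchange domains. The following is an added example, not code from the extension or from the original article; the hostnames used for the exchanges and both sample manifests are constructed assumptions.

```javascript
// Added example: flag manifest entries that give an extension access to exchange pages.
// Hostnames are assumptions for the exchanges named in the article.
const SENSITIVE_HOSTS = ["coinbase.com", "www.coinbase.com", "www.mintpal.com"];

// Does a Chrome match pattern (e.g. "*://*.example.com/*") cover this host?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false; // an API permission such as "tabs", not a host pattern
  const scheme = m[1];
  const patHost = m[2];
  if (scheme !== "*" && scheme !== "http" && scheme !== "https") return false;
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// Collect every manifest entry that grants page access to a sensitive host.
function auditManifest(manifest, hosts = SENSITIVE_HOSTS) {
  const findings = [];
  const check = (source, patterns) => {
    for (const p of patterns || []) {
      const hit = hosts.filter((h) => patternCoversHost(p, h));
      if (hit.length) findings.push({ source, pattern: p, hosts: hit });
    }
  };
  for (const cs of manifest.content_scripts || []) check("content_scripts", cs.matches);
  check("permissions", manifest.permissions);           // Manifest V2 host access
  check("host_permissions", manifest.host_permissions); // Manifest V3 host access
  return findings;
}

// Constructed manifests: a ticker that only calls its price API, and one that
// also injects scripts everywhere and requests access to an exchange.
const tickerNarrow = {
  name: "sample-ticker",
  permissions: ["alarms", "https://api.example.test/*"],
};
const tickerBroad = {
  name: "sample-ticker-updated",
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
  permissions: ["tabs", "*://*.coinbase.com/*"],
};

console.log(auditManifest(tickerNarrow)); // no findings
console.log(auditManifest(tickerBroad));  // two findings
```

Comparing the audit result before and after an extension update shows when a new version starts requesting access it did not need before.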